
[PATCH v2 2/3] x86/vmx: Fix IRQ handling for EXIT_REASON_INIT


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Thu, 11 Jan 2024 23:13:22 +0000
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Reima ISHII <ishiir@xxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, "Takahiro Shinagawa" <shina@xxxxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Thu, 11 Jan 2024 23:13:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

When receiving an INIT, a prior bugfix tried to ignore the INIT and continue
onwards.

Unfortunately it's not safe to return at that point in vmx_vmexit_handler().
Just out of context in the first hunk is a local_irqs_enabled() which is
depended-upon by the return-to-guest path, causing the following checklock
failure in debug builds:

  (XEN) Error: INIT received - ignoring
  (XEN) CHECKLOCK FAILURE: prev irqsafe: 0, curr irqsafe 1
  (XEN) Xen BUG at common/spinlock.c:132
  (XEN) ----[ Xen-4.19-unstable  x86_64  debug=y  Tainted:     H  ]----
  ...
  (XEN) Xen call trace:
  (XEN)    [<ffff82d040238e10>] R check_lock+0xcd/0xe1
  (XEN)    [<ffff82d040238fe3>] F _spin_lock+0x1b/0x60
  (XEN)    [<ffff82d0402ed6a8>] F pt_update_irq+0x32/0x3bb
  (XEN)    [<ffff82d0402b9632>] F vmx_intr_assist+0x3b/0x51d
  (XEN)    [<ffff82d040206447>] F vmx_asm_vmexit_handler+0xf7/0x210

Luckily, this is benign in release builds.  Accidentally having IRQs disabled
when trying to take an IRQs-on lock isn't a deadlock-vulnerable pattern.

Drop the problematic early return.  In hindsight, it's wrong to skip other
normal VMExit steps.

Fixes: b1f11273d5a7 ("x86/vmx: Don't spuriously crash the domain when INIT is received")
Reported-by: Reima ISHII <ishiir@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Jun Nakajima <jun.nakajima@xxxxxxxxx>
CC: Kevin Tian <kevin.tian@xxxxxxxxx>
CC: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
CC: Reima Ishii <ishiir@xxxxxxxxxxxxxxxxxxx>
CC: Takahiro Shinagawa <shina@xxxxxxxxxxxxxxxxx>
CC: George Dunlap <george.dunlap@xxxxxxxxxx>

With this patch in place, the INIT is ignored and the guest continues:

  (XEN) HVM1 restore: CPU 0
  (d1) --- Xen Test Framework ---
  (d1) Environment: HVM 64bit (Long mode 4 levels)
  (XEN) Error: INIT received - ignoring
  (d1) Test result: SUCCESS

v2:
 * Leave the printk() early, and skip in the main block.
---
 xen/arch/x86/hvm/vmx/vmx.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 829c27f1fa33..a85394232a23 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -4090,7 +4090,7 @@ void asmlinkage vmx_vmexit_handler(struct cpu_user_regs 
*regs)
 
     case EXIT_REASON_INIT:
         printk(XENLOG_ERR "Error: INIT received - ignoring\n");
-        return; /* Renter the guest without further processing */
+        break;
     }
 
     /* Now enable interrupts so it's safe to take locks. */
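Review bot: the new `break;` under `case EXIT_REASON_INIT:` drops the explanatory comment along with the `return`, so nothing at this site records why an early return is unsafe. The commit message explains that the return-to-guest path depends on the interrupt enabling that follows this switch; a short comment on the `break`, for example `break; /* Don't return: the exit path needs IRQs enabled */`, would keep a later cleanup from reintroducing the early return. Separately, the `printk(XENLOG_ERR ...)` fires on every such exit, so it is worth confirming the log volume is acceptable if the exit recurs.
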
@@ -4692,6 +4692,7 @@ void asmlinkage vmx_vmexit_handler(struct cpu_user_regs 
*regs)
         break;
 
     case EXIT_REASON_EXTERNAL_INTERRUPT:  /* Handled earlier */
+    case EXIT_REASON_INIT:                /* Handled earlier */
     case EXIT_REASON_TPR_BELOW_THRESHOLD: /* Handled later in 
vmx_intr_assist() */
     case EXIT_REASON_BUS_LOCK:            /* Nothing to do (rate-limit only) */
         break;
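
Review bot: `/* Handled earlier */` on the new `case EXIT_REASON_INIT:` label is less precise than it is for `EXIT_REASON_EXTERNAL_INTERRUPT`, because the earlier switch only logs the INIT and then ignores it; something like `/* Logged and ignored earlier */` says what actually happens. This label is also what lets the exit pass through the main switch as a no-op now that the first hunk no longer returns early, so the two hunks need to travel together in any backport of the Fixes: target.
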
-- 
2.30.2




 

